ISC Tech Notes

ISC Technical Note Series

These technical notes describe findings or methodologies in use at ISC that may
be of use to other members of the Internet technical community.

  • ISC-TN-2008-1 · BIND 9 performance serving large zones under
    update     · [html]

    This Technical Note reports the final results of the joint ISC/CAIDA
    project to measure the performance of DNS protocols using commodity hardware
    and open-source software. This work was sponsored in part by the National Science
    Foundation via grant NSF OARC DNS SCI CISE SCI-0427144.

  • ISC-TN-2007-1 · Setting up BIND to Run as a Recursive Nameserver · [text] [html]

    This Technical Note instructs a moderately-experienced systems administrator
    on the steps necessary to quickly set up a recursive (caching-only) nameserver
    for use on a system or trusted local network.

  • ISC-TN-2006-2 · DNS Performance Testbed Design · [text] [html]

    Internet Systems Consortium (ISC) is building a testbed that will
    be used to make full-scale measurements of the performance of DNS servers and
    protocols on the same scale as global root and TLD servers. This brief document
    describes the design of that testbed and explains the various design decisions.
    This work is sponsored in part by the National Science Foundation via grant
    NSF OARC DNS SCI CISE SCI-0427144.

  • ISC-TN-2006-1 · DNSSEC Lookaside Validation (DLV) · [text] [html]

    Domain Name System Security (DNSSEC) relies on a top-down certification
    chain whereby security information about each zone is introduced by its parent.
    This memo describes an instance of local policy whereby security information
    can be introduced by cooperating third parties, thus enabling deployment of
    DNSSEC in zones whose parents are not yet secure. This is an early deployment
    aid, and is not intended to replace DNSSEC's top-down certification chain.

  • ISC-TN-2004-2 · The role of the Domain Name System in the
    development of new Internet services     · [html]

    The Domain Name System is nearly 20 years old. New Internet services
    place new demands on it. It has been common in the past to satisfy demands
    on the DNS by exploiting loopholes in its specification. We propose that a
    more-sound implementation technique for a new service would be a combination
    of using a new top-level domain (TLD) and using that TLD to identify the principal
    service type, so that it would not be confused with existing services such
    as the World Wide Web or email.

  • ISC-TN-2004-1 · A Software Approach to Distributing Requests
    for DNS Service     · [text] [html]

    This paper describes an approach for deploying authoritative name
    servers using a cluster of hosts, across which the load of client requests
    is distributed. DNS services deployed in this fashion enjoy high availability
    and are also able to scale to increasing request loads in a straightforward
    manner.

  • ISC-TN-2003-1 · Hierarchical Anycast for Global Service Distribution · [text] [html]

    This document describes an approach which allows a particular service
    on the Internet to be distributed, such that the service can be implemented
    by geographically and topologically dispersed components. By distributing components
    in this manner a stable service may be provided to a wide audience even in
    the event of serious problems which cause individual components of the distributed
    service infrastructure to fail or otherwise become unavailable.

  • ISC-TN-2002-2 · Running An Authoritative-Only BIND Nameserver · [text] [html]

    Nameservers (BIND) fulfill two functions: serving authoritative
    data for delegated zones, and relaying queries and responses for non-authoritative
    zones. In the interest of security, operators generally should not use a single
    nameserver for both functions. This note explains why, and how, you should
    configure BIND to implement these functions separately.

  • ISC-TN-2002-1 · Using DNAME to rename IP6.INT · [text] [html]

    Various political and technical pressures have recently led to the
    deprecation of the IP6.INT name space in favour of IP6.ARPA. This makes IPv6
    PTR data management difficult, since interim clients will search IP6.INT while
    standard clients will search IP6.ARPA. We present a simple method based on
    DNAME RR's (see [RFC2672]) and ISC BIND9 whereby zone information can be managed
    in a single location and then made visible in two namespaces.

Share this